Vulnerabilities > Apport Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-04-28 | CVE-2019-15790 | Improper Privilege Management vulnerability in multiple products Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. | 3.3 |
2020-04-22 | CVE-2020-8833 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. | 4.7 |
2020-04-22 | CVE-2020-8831 | Link Following vulnerability in multiple products Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. | 5.5 |
2020-02-08 | CVE-2019-11485 | Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling. | 2.1 |
2020-02-08 | CVE-2019-11483 | Sander Bos discovered Apport mishandled crash dumps originating from containers. | 2.1 |
2020-02-08 | CVE-2019-11482 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories. | 1.9 |
2020-02-08 | CVE-2019-11481 | Link Following vulnerability in multiple products Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. | 7.8 |
2019-08-29 | CVE-2019-7307 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apport Project Apport Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. | 7.0 |
2018-05-31 | CVE-2018-6552 | Unspecified vulnerability in Apport Project Apport Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. | 7.2 |
2018-02-02 | CVE-2017-14180 | Resource Exhaustion vulnerability in multiple products Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179. | 7.2 |